Q4-2024_Can Your HA Solution Help You Recover from a Ransomware Attack_E_FINAL.pptx
Syncsort
32 slides
Oct 17, 2024
About This Presentation
While IBM Power Systems running IBM i or IBM AIX have historically been considered more secure platforms, vulnerabilities can still be exploited. If you are faced with the worst-case scenario of a "successful" ransomware attack, your known-good, immutable data backup files are not just your insurance policy; they are the only known antidote. Maintaining a continuously updated set of known-good, immutable recovery data in highly secure, isolated storage is the minimum standard for IBM i resilience.
Restoring a system to a pre-malware state is a powerful tool for combating malware infections. By quickly and effectively restoring the system to a stable state, you can minimize damage and protect your data. However, this technique must be used in conjunction with other security measures, such as regular backups and ongoing malware protection.
Come learn how a Prevent-Detect-Recover strategy that combines Assure Security and Assure MIMIX can be a powerful solution, using a combination of storage and replication technologies to recover effectively in the event of a malware attack.
Join us for this webcast to hear about:
• How malware can infect the IBM Power System
• How to minimize the amount of data loss in the event of an attack
• Establishing best practices for recovery to a state prior to the infection
Slide Content
Can Your HA Solution Help You Recover from a Ransomware Attack?
Bill Hammond | Director, Product Marketing
Barry Kirksey | Principal Sales Engineer
Today's Topics
• Multiple benefits of HA
• Limiting the impact of ransomware: be prepared, train staff, react quickly
• Recovery with Assure MIMIX
Benefits of HA
Downtime is expensive!
• $1.3M in reputational loss [1]: customers, suppliers, financial markets, business partners
• $100K+ lost productivity per hour [2]: impacted employees × avg. hourly rate × outage time = direct cost
• $5,600 per minute in financial losses [3]: revenue recognition, cash flow, lost discounts; other expenses such as temporary employees, equipment rental, overtime costs, legal obligations
• 32% increase in revenue impacts to the organization [4]: direct loss, compensatory payments, lost future revenue, billing losses
Sources: [1] Cost of a Data Breach Report 2023, IBM; [2] The Cost of Downtime in Datacenter Environments, IDC; [3] Gartner; [4] ITIC 2021 Hourly Cost of Downtime Survey, ITIC
The Source of Downtime
• Planned downtime: tape backups, OS upgrades, application upgrades, hardware upgrades, application testing
• Unplanned downtime: natural disasters, hardware failures, human error, software defects or failures, storage or disk failure
• Malicious downtime: malware, ransomware, rogue employee
Assure MIMIX from Precisely can protect IBM i from all of these sources of downtime.
Top Benefits of HA
Increased Uptime and Reduced Downtime
• Minimized disruptions: HA solutions are built to fail over automatically to redundant systems in case of hardware failures, software issues, or network outages.
• Improved customer satisfaction: reduced downtime leads to better user experiences and increased customer satisfaction.
Enhanced Business Continuity
• Resilience to disasters: HA solutions can help businesses recover quickly from natural disasters or other catastrophic events.
• Protection of critical operations: by ensuring continuous access to essential applications, HA helps safeguard critical business processes.
Optimized Resource Utilization
• Load balancing: HA solutions can distribute workloads across multiple systems, improving performance and preventing bottlenecks.
• Efficient resource allocation: by ensuring that resources are used effectively, HA can help reduce costs and improve overall efficiency.
Top Benefits of HA (continued)
Improved Scalability and Flexibility
• Adaptability to changing needs: HA solutions can be scaled up or down to meet changing business requirements.
• Support for growth: HA can help businesses prepare for future growth and expansion.
Reduced Costs
• Preventive maintenance: HA can help identify and address potential issues before they lead to downtime, reducing maintenance costs.
• Avoiding revenue loss: by preventing downtime and ensuring continuous operations, HA can help businesses avoid costly revenue losses.
Improved Data Integrity and Security
• Redundancy and replication: HA often involves data replication across multiple systems, ensuring data integrity and protection against data loss.
• Enhanced security: a replicated target adds a layer of protection, with one important caveat shown in the attack timeline later in this deck: real-time replication copies rogue changes to the backup as faithfully as legitimate ones, so HA only helps against ransomware when it is paired with retained journal receivers and known-good recovery points.
Assure MIMIX Replication (diagram): Source Server A replicating to Server B, which acts as a hot backup.
• Remote journaling: changes recorded in the data journals on A are transmitted to remote journal receivers on B, where the apply process (target-side buffer) applies them to the replicated data.
• Full object replication: the audit journal on A is monitored, changed production objects are sent to the receiver (target-side buffer) on B, and the apply process replicates the objects.
Scalable, Expandable Protection
Multi-server protection and data access
• Enables seamless switching in environments with 3+ nodes
• Maximizes HA/DR protection and data access
• Delivers maximum protection with both local and remote HA/DR nodes
• Protects from unplanned outages during planned downtime
• Enables distribution of real-time data to a virtually unlimited number of replicate nodes for decision making or business processing
Active-Active replication for switch times in seconds
• 2 or more active production servers replicating to each other
• Enables switch times in seconds and workload balancing
• Requires change from positional to keyed replication
• Built-in collision resolution methods available in Assure MIMIX
• Professional services available for application optimization
(Diagram: a production server replicating to a local HA server, a remote DR server and data distribution servers; two production servers exchanging changed data in active-active replication.)
Limiting the impact
Security breaches have big impacts
• The global average cost of a data breach, $4.88M, represents more than a 10% increase year over year, driven by lost business costs and soaring post-breach response costs.
• The most common type of data stolen or compromised was customer PII, at 46%: tax ID numbers, emails and home addresses, used in identity theft and credit card fraud.
• Fines associated with data breaches are up 22.7%.
Source: IBM Cost of a Data Breach Report 2024
Security Skills Shortage
The security skills shortage in 2024 has significant implications for companies, impacting their operations, finances, and overall security posture. The number of organizations facing a critical lack of skilled security workers rose dramatically, to 53% in 2024 compared to 42% last year. Breach costs attributed to the skills shortage rose 7.1% year over year.
Increased Risk of Cyberattacks
• Vulnerable systems: the shortage can lead to unpatched systems and vulnerabilities that are easily exploited by attackers.
• Data breaches: inadequate cybersecurity increases the likelihood of data breaches, resulting in financial losses, reputational damage, and potential legal consequences.
Higher Costs
• Incident response: significant costs for incident response, legal fees, and public relations efforts.
• Regulatory fines: non-compliance can result in hefty fines and penalties.
• Business and reputation: loss of customer trust, decreased revenue, and long-term reputation damage.
Attracting and Retaining Talent
• Competitive job market: a highly competitive job market makes it difficult for companies to attract and retain top talent.
• Increased compensation: higher salaries and benefits needed to compete for skilled cybersecurity workers add to the expense.
Disrupted Operations
• System downtime: disruptions to critical business processes, impacting productivity and customer satisfaction.
• Loss of customer data: loss of sensitive customer information, leading to privacy concerns and legal liabilities.
83% of breaches involve internal actors; 68% from non-malicious actors.
Source: Verizon 2024 Data Breach Investigations Report
Prevention and Preparedness are key
• Regular backups: implement a robust backup system that stores data off-site. Ensure backups are tested regularly to verify their functionality.
• Security awareness training: educate employees about ransomware threats and best practices for avoiding phishing scams and malware infections.
• Patch management: keep software and operating systems updated with the latest security patches to address vulnerabilities.
• Network segmentation: divide your network into smaller segments to limit the spread of malware if a breach occurs.
Incident Response Planning: A Crucial Defense
Why Incident Response is Important
• Rapid response: a well-defined plan outlines the steps to take when an incident occurs, enabling a swift and effective response to limit the damage and prevent further escalation.
• Damage control: by following a structured plan, organizations can minimize the impact of an incident on their operations, reputation, and financial standing.
• Compliance: a comprehensive plan can help organizations demonstrate compliance with government or industry requirements.
• Business continuity: incident response plans help ensure that essential business functions can continue to operate even in the face of a security breach.
Components of an Incident Response Plan
• Incident identification and notification: procedures for detecting and reporting incidents.
• Containment: steps to isolate the affected systems and prevent further damage.
• Eradication: methods for removing the threat and restoring systems to a secure state.
• Recovery: procedures for restoring normal operations and preventing future incidents.
• Lessons learned: a process for analyzing the incident and identifying areas for improvement.
Protect, Detect, and Recover for IBM i (diagram)
• Protect with Assure Security: encryption, multi-factor authentication, system access
• Detect with Ironstream: monitoring & reporting
• Recover with Assure MIMIX: production replicated to DR/HA, recovery from malicious changes
Recovery from a Ransomware attack
The system is corrupt! What now?
• You must have a Continuous Data Protection (CDP) recovery plan!
• Execute the plan
• Recover to an acceptable point prior to the corruption
Planning: Maintain known good starting points
Regular SAVEs
• Pros: allows for the most granularity (file, library)
• Cons: restore time; not suitable for IFS directories
Flash copy / snapshot image
• Pros: may be faster than restore; suitable for IFS directories and stream files
• Cons: quality of snapshot questionable; requires restore of journal receivers
Journal receivers
• Needed for rolling forward from the start point
• Immutable: must be retained (protected from deletion)
Planning: Requirements for CDP
• Apply journal changes: a method to roll forward (apply) the journal entries from the known good point.
• Logical replication software: software to roll forward (apply) the journal entries from the known good point.
• Start point: the point in the journal receiver chain of the chosen known good point to roll forward from.
• Recovery point: the point in the journal receiver chain where logical replication should stop. This is typically before the point of corruption.
• Final readiness process: the typical unplanned switch procedure to prepare the database for normal operations (i.e. commitment control, triggers, referential constraints, etc.).
• Final user validation
Planning: Snapshot Quality

| State of production LPAR at time of flash | Open commits | All user data written to storage | Known transaction point | Quality of snapshot | Requires outage |
|---|---|---|---|---|---|
| Powered down | No | Yes | Yes | ⭐⭐⭐⭐⭐ | Yes |
| Restricted state | No | Yes | Yes | ⭐⭐⭐⭐ | Yes |
| Applications down | No | Yes | Yes | ⭐⭐⭐⭐ | Yes |
| Quiesced applications | No | Yes | Yes | ⭐⭐⭐⭐ | Yes |
| Application running with FORCE WRITE action performed | No | In doubt | No | ⭐⭐ | No |
| Application running with FORCE WRITE action performed | Yes | Unlikely | No | ⭐ | No |
| Application running | No | In doubt | No | ⭐ | No |
| Application running | Yes | Highly unlikely | No | ⭐ | No |
Known Recovery Point (diagram): production data volumes (IBM i Vol 01 through Vol 88) with immutable snapshots taken every hour. Each snapshot is validated and marked GOOD, WARNING or FAIL; the validated immutable snapshots define the known recovery point and the recovery times.
"Be Prepared" for CDP Recovery (timeline diagram): LPAR A over the last seven days (-168 HR to -24 HR), operating normally until the "System Corrupt" event. Plotted along the timeline are the full backup, the incremental backups, the snapshots (high-quality and low-quality), the journal receivers covering the whole period, and the resulting known good points.
CDP Recovery: from SAVE (timeline diagram): the same seven-day timeline for LPAR A ending at "System Corrupt". Recovery operations on LPAR B: system restore of the affected libraries, files and objects from the full and incremental backups (the start point), then roll forward through the journal receivers to the recovery point. Restore offers granularity to the object level, but will be slower to complete.
CDP Recovery: from SNAPSHOT (timeline diagram): the same seven-day timeline for LPAR A with high- and low-quality snapshots as known good points. Recovery operations on LPAR B: IPL the snapshot (the start point), then roll forward through the journal receivers to the recovery point.
CDP Recovery at the LPAR level (diagram): roll forward recovery from SAVE (restore, then roll forward to the recovery point) beside roll forward recovery from SNAPSHOT (IPL the snapshot, then roll forward to the recovery point).
Multi-LPAR CDP Readiness Topology (diagram)
• A - Primary and B - Backup: real-time HA/DR replication between them
• A - Recovery and B - Recovery: separate LPARs holding copies of the journal receivers
Journal receivers must be retained. Protect them from deletion by replicating them to another, separate LPAR.
Example Event Timeline - NORMAL

| Timestamp | Event | LPAR | Comments |
|---|---|---|---|
| Sunday 0100 | Database SAVE | A or B | Media should be available to the B system |
| Regularly | Remote journal receiver SAVEs | B | Receivers are required for roll forward recovery; they should be changed regularly and saved expeditiously |

Example Event Timeline - Cyber Attack

| Timestamp | Event | LPAR | Comments |
|---|---|---|---|
| Thursday 1400 | Cyber attack: rogue database changes occur | A | Rogue record changes are replicated to B |
| Thursday 1415 | Production isolated and offline | A | B is online, but not available to users |
| Thursday 1700 | Decision to perform a roll forward recovery | | |

Example Event Timeline - Recovery

| Timestamp | Event | LPAR | Comments |
|---|---|---|---|
| Thursday 1730 | CLRLIB completed, RESTORE started | B | Affected libraries |
| Friday 1300 | RESTORE completed | B | Affected libraries |
| Friday 1315 | Initialize data groups for restart | B | Set data group recovery point |
| Friday 1330 | Replay forward from SAVE point | B | Start data groups from the SAVE point in the journal receivers |
| Recovery point - 1 | Reach recovery point | B | Stop data groups |
| Recovery point - 2 | Perform final readiness | B | Switch procedure to close commitment control cycles and prepare the database |
| Recovery point - 3 | Present recovered database | B | |
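The roll forward procedure described under "Planning: Requirements for CDP" (start point, recovery point, replay), the journal receiver retention requirement from the Multi-LPAR topology slide, and the recovery timeline above, modelled as an added Python example. This is a constructed illustration written for this page, not MIMIX or IBM i code: the receiver names, sequence numbers, user profiles, record images, timestamps and the attack time are all invented, and the recovery point is picked from a timestamp for simplicity, whereas in a real recovery it comes from analysing the journal and audit data to find where the rogue changes began.

```python
"""Toy roll forward (CDP) recovery from a known good point.

Constructed example, not MIMIX or IBM code. The journal receiver chain is a
list of receivers, each carrying ordered entries; the known good point is a
saved copy of the files plus the journal sequence number it was taken at.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class JournalEntry:
    seq: int                 # journal sequence number, contiguous across receivers
    timestamp: str           # "YYYY-MM-DD HH:MM", sortable as text
    user: str                # profile that made the change
    file: str                # physical file (table) that was changed
    key: str                 # record key
    value: Optional[str]     # new record image; None means the record was deleted


@dataclass(frozen=True)
class Receiver:
    name: str
    previous: Optional[str]  # receiver this one was attached after; None at chain start
    entries: List[JournalEntry]


class ChainError(Exception):
    """The receiver chain does not cover the range needed for roll forward."""


def validate_chain(receivers: List[Receiver], start_seq: int) -> int:
    """Require an unbroken chain from just after start_seq: every receiver names
    its predecessor and sequence numbers have no gaps. Returns the last seq."""
    prev_name, prev_seq = None, start_seq
    for r in receivers:
        if r.previous != prev_name:
            raise ChainError(f"{r.name}: expected previous receiver {prev_name!r}, found {r.previous!r}")
        for e in r.entries:
            if e.seq <= start_seq:       # entries before the save are not needed
                continue
            if e.seq != prev_seq + 1:    # a deleted receiver shows up here as a gap
                raise ChainError(f"{r.name}: gap in chain before seq {e.seq}")
            prev_seq = e.seq
        prev_name = r.name
    return prev_seq


def chain_is_intact(receivers: List[Receiver], start_seq: int) -> bool:
    try:
        validate_chain(receivers, start_seq)
        return True
    except ChainError:
        return False


def find_recovery_point(receivers: List[Receiver], start_seq: int, attack_time: str) -> int:
    """Recovery point = last sequence number stamped before the rogue changes
    began. Hypothetical shortcut: derived from a timestamp here, from journal
    and audit analysis in practice."""
    rp = start_seq
    for r in receivers:
        for e in r.entries:
            if e.timestamp < attack_time:
                rp = max(rp, e.seq)
    return rp


def roll_forward(known_good: Dict[str, Dict[str, str]], start_seq: int,
                 receivers: List[Receiver], recovery_seq: int) -> Tuple[Dict[str, Dict[str, str]], int]:
    """Restore the saved images, then apply entries with start_seq < seq <= recovery_seq."""
    db = {f: dict(recs) for f, recs in known_good.items()}   # RESTORE of the known good point
    applied = 0
    for r in receivers:
        for e in r.entries:
            if e.seq <= start_seq:
                continue
            if e.seq > recovery_seq:   # reached the recovery point: stop the data groups
                return db, applied
            table = db.setdefault(e.file, {})
            if e.value is None:
                table.pop(e.key, None)
            else:
                table[e.key] = e.value
            applied += 1
    return db, applied


def recover(known_good, start_seq, receivers, attack_time):
    """Whole procedure: check receivers, pick recovery point, restore and replay."""
    validate_chain(receivers, start_seq)
    rp = find_recovery_point(receivers, start_seq, attack_time)
    db, applied = roll_forward(known_good, start_seq, receivers, rp)
    return db, rp, applied


# Constructed sample: Sunday 0100 SAVE at seq 100, rogue changes from Thursday 1400.
KNOWN_GOOD = {"CUSTOMER": {"C1": "Alice,100", "C2": "Bob,250"}}
SAVE_SEQ = 100
ATTACK_TIME = "2024-10-17 14:00"   # hypothetical start of the rogue changes
RECEIVERS = [
    Receiver("RCV0001", None, [
        JournalEntry(101, "2024-10-14 09:12", "CLERK1", "CUSTOMER", "C1", "Alice,120"),
        JournalEntry(102, "2024-10-15 10:05", "CLERK2", "CUSTOMER", "C3", "Carol,75"),
    ]),
    Receiver("RCV0002", "RCV0001", [
        JournalEntry(103, "2024-10-16 16:40", "CLERK1", "CUSTOMER", "C2", "Bob,260"),
        JournalEntry(104, "2024-10-17 13:55", "CLERK2", "CUSTOMER", "C4", "Dan,30"),
        JournalEntry(105, "2024-10-17 14:00", "QUSER", "CUSTOMER", "C1", "ENCRYPTED"),   # rogue
        JournalEntry(106, "2024-10-17 14:01", "QUSER", "CUSTOMER", "C2", None),          # rogue delete
        JournalEntry(107, "2024-10-17 14:02", "QUSER", "CUSTOMER", "C3", "ENCRYPTED"),   # rogue
    ]),
]

if __name__ == "__main__":
    db, rp, n = recover(KNOWN_GOOD, SAVE_SEQ, RECEIVERS, ATTACK_TIME)
    print(f"recovery point seq {rp}, {n} entries replayed, CUSTOMER = {db['CUSTOMER']}")
    print("chain intact without RCV0001:", chain_is_intact(RECEIVERS[1:], SAVE_SEQ))
```

Running it replays entries 101 to 104 on top of the save and stops before the first rogue change, so the recovered CUSTOMER file carries the legitimate Monday to Thursday updates and none of the ENCRYPTED images or the delete. The second line shows why the deck insists receivers be retained on a separate LPAR: with RCV0001 gone, the chain from the save point is broken and no recovery point after seq 100 is reachable at all.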